> We're wanting to insulate the PDC from the users.

I like that! If you actually let them log in, you might have to support
them.

The biggest problem is that, in an NT4 domain, you can't reliably separate
the PDC from the rest of the network - too much relies on it being easily
available. AD native mode makes this a much more attainable goal.

Personally, I'd spend the time defending the data servers more than the
authentication servers.

------------------------------------------------------
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA


> -----Original Message-----
> From: /dev/null [mailto:dev.null@;beginthread.com] 
> Sent: Wednesday, November 06, 2002 12:59 PM
> To: NT 2000 Discussions
> Subject: Re: Moving PDC behind firewall
> 
> 
> Thanks everyone for the info on this admittedly weird request.
> 
> Everyone has asked why, here's the reason:
> 
> > It's clear (to me at least) the "trusted" LAN is being redefined.
> 
> We're wanting to insulate the PDC from the users.
> 
> Ed Esgro said "PDC will run but it will not be the master browser for
> your 10.x.x.x network
> it will be the master browser for your 192.x.x.x network".  If we put
> the PDC and user computers on the same logical (10.*) network with this
> firewall/router in-between the PDC and users and set the firewall/router
> to only forward the protocols we wanted, would this allow the PDC to be
> the master browser?  I'm assuming the answer is yes.
> 
> Thanks again for everyone's help.